From 070e17306721baae2c0034f610061e147740ae28 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 12:59:13 +0100 Subject: [PATCH 1/5] Another patch for #3389 (Fixes #3397) --- lib/core/common.py | 5 ----- lib/core/option.py | 1 - lib/takeover/metasploit.py | 15 ++------------- 3 files changed, 2 insertions(+), 19 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 75e3db096..8da52c896 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -997,11 +997,6 @@ def readInput(message, default=None, checkBatch=True, boolean=False): retVal = None kb.stickyLevel = None - if kb.lastInputMessage == message: - checkBatch = False - else: - kb.lastInputMessage = message - message = getUnicode(message) if "\n" in message: diff --git a/lib/core/option.py b/lib/core/option.py index 8081e3462..499cefb0b 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1792,7 +1792,6 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.injection = InjectionDict() kb.injections = [] kb.laggingChecked = False - kb.lastInputMessage = None kb.lastParserStatus = None kb.locks = AttribDict() diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 8a8c0b74d..356eba16a 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -168,19 +168,8 @@ class Metasploit: choice = readInput(message, default="%d" % default) - if not choice: - if lst: - choice = getUnicode(default, UNICODE_ENCODING) - else: - return default - - elif not choice.isdigit(): - logger.warn("invalid value, only digits are allowed") - return self._skeletonSelection(msg, lst, maxValue, default) - - elif int(choice) > maxValue or int(choice) < 1: - logger.warn("invalid value, it must be a digit between 1 and %d" % maxValue) - return self._skeletonSelection(msg, lst, maxValue, default) + if not choice or not choice.isdigit() or int(choice) > maxValue or int(choice) < 1: + choice = default choice = int(choice) 
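Review bot: In `_skeletonSelection` (lib/takeover/metasploit.py) the new single condition replaces any empty, non-numeric or out-of-range answer with `default` without telling the user, because both `logger.warn` calls were dropped along with the recursive retry. This prompt appears to choose an option for the takeover step, so a typo now proceeds silently with a different option than the one typed. I would keep a warning for non-empty invalid input, e.g. `if choice: logger.warn("invalid value '%s', using default (%d)" % (choice, default))` just before `choice = default`. The old `return default` for an empty answer with no `lst` is also gone, so that case now falls through to `choice = int(choice)` and the code after the hunk, which is not visible here; it is worth confirming the result is unchanged. The function body starts and ends outside the hunk.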
From 4f1b0787ed70deba6b3f76bf28adf3a7393b8cfa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:04:53 +0100 Subject: [PATCH 2/5] Commit hooks were disabled --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e6136207b..b1f28eb98 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.0" +VERSION = "1.2.12.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From ef911b6be4e5e2e07cca731192943b4000e3b158 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:10:01 +0100 Subject: [PATCH 3/5] Dummy commit (just to test hooks) --- lib/core/common.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 8da52c896..820a881f9 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3509,9 +3509,9 @@ def listToStrValue(value): return retVal -def intersect(valueA, valueB, lowerCase=False): +def intersect(containerA, containerB, lowerCase=False): """ - Returns intersection of the array-ized values + Returns intersection of the container-ized values >>> intersect([1, 2, 3], set([1,3])) [1, 3] 
@@ -3519,15 +3519,15 @@ def intersect(valueA, valueB, lowerCase=False): retVal = [] - if valueA and valueB: - valueA = arrayizeValue(valueA) - valueB = arrayizeValue(valueB) + if containerA and containerB: + containerA = arrayizeValue(containerA) + containerB = arrayizeValue(containerB) if lowerCase: - valueA = [val.lower() if isinstance(val, basestring) else val for val in valueA] - valueB = [val.lower() if isinstance(val, basestring) else val for val in valueB] + containerA = [val.lower() if isinstance(val, basestring) else val for val in containerA] + containerB = [val.lower() if isinstance(val, basestring) else val for val in containerB] - retVal = [val for val in valueA if val in valueB] + retVal = [val for val in containerA if val in containerB] return retVal From f81062d5957d4618ba0bc2fe994aa2651641cce1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:20:34 +0100 Subject: [PATCH 4/5] Resolving some more hooking problems --- extra/shutils/postcommit-hook.sh | 10 ++++++++++ extra/shutils/precommit-hook.sh | 10 ++++++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 22 +++++++++++----------- 4 files changed, 32 insertions(+), 12 deletions(-) diff --git a/extra/shutils/postcommit-hook.sh b/extra/shutils/postcommit-hook.sh index 77ed2824c..d5d0ed0cf 100755 --- a/extra/shutils/postcommit-hook.sh +++ b/extra/shutils/postcommit-hook.sh @@ -1,5 +1,15 @@ #!/bin/bash +""" +cat > .git/hooks/post-commit << EOF +#!/bin/bash + +source ./extra/shutils/postcommit-hook.sh +EOF + +chmod +x .git/hooks/post-commit +""" + SETTINGS="../../lib/core/settings.py" declare -x SCRIPTPATH="${0}" diff --git a/extra/shutils/precommit-hook.sh b/extra/shutils/precommit-hook.sh index 3c2137ce2..624df765a 100755 --- a/extra/shutils/precommit-hook.sh +++ b/extra/shutils/precommit-hook.sh 
@@ -1,5 +1,15 @@ #!/bin/bash +""" +cat > .git/hooks/pre-commit << EOF +#!/bin/bash + +source ./extra/shutils/precommit-hook.sh +EOF + +chmod +x .git/hooks/pre-commit +""" + PROJECT="../../" SETTINGS="../../lib/core/settings.py" CHECKSUM="../../txt/checksum.md5" diff --git a/lib/core/settings.py b/lib/core/settings.py index b1f28eb98..f45e3e8f2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.8" +VERSION = "1.2.12.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b054da5c7..7cd9422e8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -23,13 +23,13 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -71334197c7ed28167cd66c17b2c21844 lib/controller/checks.py +0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py 95cde6dc7efe2581a5936f0d4635cb3b lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py +e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -9ed51d3e770b5cec2f8c91e962011d52 lib/core/common.py +9d040f1771efaab4fde8d09821a09f51 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -7dacc178910ab4d57de36c3602bde17d lib/core/option.py +9bf3349158df05775eb41742d6402ad8 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9f209388d9fed41480e57c8574d0111a lib/core/settings.py +e71aea1aff5751fdcdc97ba63973a603 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 52642badbbca4c31a2fcdd754d67a983 lib/core/target.py @@ -85,7 +85,7 @@ aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py -46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py +9b9aa94a1693efa7a9ae0783cfb56896 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 6a49f359b922df0247eb236126596336 lib/takeover/udf.py a3d07df8a780c668a11f06be42014cdc lib/takeover/web.py 
@@ -96,11 +96,11 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py 48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -6007347548e85383705eaa4b863448a2 lib/techniques/error/use.py +214d916bb8b456ae698ca0f5523186ff lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py -7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py +dbddd178a6ca941fa745d9b3edbb979b lib/techniques/union/use.py 038ec99105c59acc2b1c6cb90e9e4043 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py @@ -268,8 +268,8 @@ f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py 89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py -a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py -759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py +cec3be164c27df01f016f6b0e0981006 tamper/plus2concat.py +167ab896d300bcea811ee61a972950e1 tamper/plus2fnconcat.py b9db4cc9fc4e0a586198340d1268fdaf tamper/randomcase.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py 
@@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -a676d93d413b07d36495201d88671253 xml/errors.xml +e7c893dd4f3f1d6b5b6f5ffd717d38cc xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml From e47c1aa61bb14c6a7c895dad565054d28564ee4b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:21:36 +0100 Subject: [PATCH 5/5] Resolving some more hooking problems --- extra/shutils/postcommit-hook.sh | 4 ++-- extra/shutils/precommit-hook.sh | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/extra/shutils/postcommit-hook.sh b/extra/shutils/postcommit-hook.sh index d5d0ed0cf..eb3db6c4e 100755 --- a/extra/shutils/postcommit-hook.sh +++ b/extra/shutils/postcommit-hook.sh @@ -1,6 +1,6 @@ #!/bin/bash -""" +: ' cat > .git/hooks/post-commit << EOF #!/bin/bash @@ -8,7 +8,7 @@ source ./extra/shutils/postcommit-hook.sh EOF chmod +x .git/hooks/post-commit -""" +' SETTINGS="../../lib/core/settings.py" diff --git a/extra/shutils/precommit-hook.sh b/extra/shutils/precommit-hook.sh index 624df765a..5a9fea424 100755 --- a/extra/shutils/precommit-hook.sh +++ b/extra/shutils/precommit-hook.sh @@ -1,6 +1,6 @@ #!/bin/bash -""" +: ' cat > .git/hooks/pre-commit << EOF #!/bin/bash @@ -8,7 +8,7 @@ source ./extra/shutils/precommit-hook.sh EOF chmod +x .git/hooks/pre-commit -""" +' PROJECT="../../" SETTINGS="../../lib/core/settings.py" diff --git a/lib/core/settings.py b/lib/core/settings.py index f45e3e8f2..ce145fec9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
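Review bot: The install snippet at the top of `postcommit-hook.sh` (and the matching one in `precommit-hook.sh`) creates a hook that `source`s the tracked script from the working tree, so every commit runs whatever version of that script is currently checked out, including one that arrived with a contributor's branch. That is worth stating next to the snippet, for example `# NOTE: the installed hook sources this tracked file; review changes to it before committing on a branch you did not write`. As a style point, the `: '` … `'` wrapper ends at the first single quote anyone later adds inside the block, so plain `#`-prefixed lines would be a sturdier way to carry the instructions. Both scripts continue outside these hunks.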
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.9" +VERSION = "1.2.12.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7cd9422e8..a105fb39a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e71aea1aff5751fdcdc97ba63973a603 lib/core/settings.py +7535ff33c85d9b886f9e631dc0158cb9 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 52642badbbca4c31a2fcdd754d67a983 lib/core/target.py